<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2> PadBuster包装说明</h2><p style="text-align: justify;"> PadBuster是一个Perl脚本用于自动填充甲骨文的攻击。 PadBuster提供的能力来解密任意密文，任意加密的明文，并进行自动响应分析，以确定请求是否是脆弱的填充神谕攻击。 </p><p>资料来源：https://github.com/GDSSecurity/PadBuster <br> <a href="https://github.com/GDSSecurity/PadBuster" variation="deepblue" target="blank">PadBuster首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/padbuster.git;a=summary" variation="deepblue" target="blank">卡利PadBuster回购</a> </p><ul><li>作者：布莱恩·霍利菲尔德，谭数码科技</li><li>许可：倒数公共许可证1.5 </li></ul><h3>包含在padbuster包工具</h3><h5>进行填充甲骨文的攻击脚本 - padbuster </h5><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="cab8a5a5be8aa1aba6a3">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# padbuster<br>
<br>
+-------------------------------------------+<br>
| PadBuster - v0.3.3                        |<br>
| Brian Holyfield - Gotham Digital Science  |<br>
| <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="ef838e8d9caf888b9c9c8a8c9a9d869b96c18c8082">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>                      |<br>
+-------------------------------------------+<br>
<br>
    Use: padBuster.pl URL EncryptedSample BlockSize [options]<br>
<br>
  Where: URL = The target URL (and query string if applicable)<br>
         EncryptedSample = The encrypted value you want to test. Must<br>
                           also be present in the URL, PostData or a Cookie<br>
         BlockSize = The block size being used by the algorithm<br>
<br>
Options:<br>
     -auth [username:password]: HTTP Basic Authentication<br>
     -bruteforce: Perform brute force against the first block<br>
     -ciphertext [Bytes]: CipherText for Intermediate Bytes (Hex-Encoded)<br>
         -cookies [HTTP Cookies]: Cookies (name1=value1; name2=value2)<br>
         -encoding [0-4]: Encoding Format of Sample (Default 0)<br>
                          0=Base64, 1=Lower HEX, 2=Upper HEX<br>
                          3=.NET UrlToken, 4=WebSafe Base64<br>
         -encodedtext [Encoded String]: Data to Encrypt (Encoded)<br>
         -error [Error String]: Padding Error Message<br>
         -headers [HTTP Headers]: Custom Headers (name1::value1;name2::value2)<br>
     -interactive: Prompt for confirmation on decrypted bytes<br>
     -intermediate [Bytes]: Intermediate Bytes for CipherText (Hex-Encoded)<br>
     -log: Generate log files (creates folder PadBuster.DDMMYY)<br>
     -noencode: Do not URL-encode the payload (encoded by default)<br>
     -noiv: Sample does not include IV (decrypt first block)<br>
         -plaintext [String]: Plain-Text to Encrypt<br>
         -post [Post Data]: HTTP Post Data String<br>
     -prefix [Prefix]: Prefix bytes to append to each sample (Encoded)<br>
     -proxy [address:port]: Use HTTP/S Proxy<br>
     -proxyauth [username:password]: Proxy Authentication<br>
     -resume [Block Number]: Resume at this block number<br>
     -usebody: Use response body content for response analysis phase<br>
         -verbose: Be Verbose<br>
         -veryverbose: Be Very Verbose (Debug Only)</code><h3> padbuster用法示例</h3><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="64160b0b10240f05080d">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# coming soon</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
